Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course,
available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest
high-quality content, which is written by professional journalists,
with the help of editors, graphic designers, and our site production
and I.T. staff, as well as many other talented people who work around the clock
for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or
to simply disable your Ad Blocker while visiting this site.

Mobile users who thought they were unaffected by the Meltdown flaw affecting Intel chips are suddenly not quite so secure. A second flaw, dubbed Spectre, has been discovered -- and this time it affects ARM processors, as well as Intel and AMD chips. This means that all mobile devices that use ARM architecture (and that's pretty much all of them) are now in danger of attack.

The flaws were discovered by several teams, working independently. Meltdown was detected by researchers working for Google Project Zero, and was reported to Intel in June last year.

The vulnerability was then picked up by teams at Graz University of Technology and Cyberus Technology. Jann Horn's team at Google Project Zero also identified Spectre first, but researchers from a variety of institutions also confirmed the flaw.

A blog post from the team at the Graz University sets out the difference between the two flaws. "Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location."

Good and Bad News

There's good and bad news about Spectre: the, relatively, good news is that it's a harder flaw to exploit, not something that's likely to be exploited by the archetypal teenage hacker sitting in his bedroom, but it's a weakness that could well be exploited by state security services and criminal gangs. However, the bad news is that there's no known fix for the flaw. There are, however, no known attacks in the wild.

In a statement, Intel said it was working with ARM and AMD to address the flaw. ARM has put out a security briefing note, indicating which chips could have been affected by Spectre. The company also advises its users to ensure that users are careful to follow good practice to stay as safe as possible. "It is important to note that this method is dependent on malware running locally which means it's imperative for users to practice good security hygiene by keeping their software up-to-date and avoid suspicious links or downloads," said the company in its briefing note.